Hence this is why I started this topic, because if you look on the net nine tutorials out of ten (ok that was a blatant lie, but close to truth) state that you have to manually set up kerberos. I think that is ridiculous yet I have been told that I have to do it "in case" and I say: IN CASE OF WHAT???? And I never get a straight answer, or one thant I can disprove because no examples are given.
So I started this thread... Please continue on! :-) On Fri, 16 Oct 2009 10:15:09 -0600, Robert LeBlanc <[email protected]> wrote: > On Fri, Oct 16, 2009 at 6:27 AM, Matthew J. Salerno > <[email protected] >> wrote: > >> Looking at your post, there doesn't seem to be anything in the krb5.conf >> file that would make it work. Do you know which setting was the "magic" >> one? >> I would be interested to know. We use RID for ID mapping since we only >> had a >> few ID hard coded in our AD and it works fine with a minimal krb5.conf >> file. >> --------------------------------------------------- >> >> If that's the case, then you should probably be falling back on the >> template settings. >> template homedir & template shell >> >> All I did was configure my krb5.conf based on the hundreds of >> wiki/howto/faq's and forum posts I read. I'm not sure what the "magic" >> one >> is, but I know that it works when I do the kinit. >> >> What issues are you having? >> >> >> I am not have any issues, Samba is working exactly how I would like it >> to. > I'm just really confused by your statment that krb5.conf is required to > retreive rfc2307 attributes. What stumps me more is the fact that I really > don't see anything in your krb5.conf file that is drastically different > from > the defaults or what AD provides using the DNS SRV records. That tells me > that even if you didn't have a krb5.conf file then it 'should' work still. > I'm able to kinit against my AD without a krb5.conf file, I just can't use > the short form and have to use the full form ( [email protected] ). So I have > a krb5.conf file that sets the default realm to use the short version and > that's about it. That is why I'm asking which setting is the 'magical' > setting that worked for you. > > In my experience when I've have Kerberos issues, it wound up being > something > else I did to muck things up and when I went back and cleaned up all the > changes (there are usually a lot), the issue was something small and > usually > because I did it the wrong way. Most of my issues came from hostname, DNS > or > resolve.conf misconfigurations more than Kerberos misconfigurations. > > Robert LeBlanc > Life Sciences & Undergraduate Education Computer Support > Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
